WordPress Plugin Vulnerabilities

Profile Builder < 2.4.1 - Privilege Escalation

Description

The User Registration & User Profile – Profile Builder WordPress plugin was affected by a Privilege Escalation security vulnerability.

Affects Plugins

Plugin icon
profile-builder
Fixed in 2.4.1

References

URL
https://plugins.trac.wordpress.org/changeset/1450638/profile-builder
URL
https://www.wordfence.com/blog/2016/07/vulnerability-profile-builder/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.8 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
3c5bb7e1-8d1c-4efc-a76b-1c7c73b449f3

Timeline

Publicly Published
2016-07-08 (about 9 years ago)
Added
2016-07-08 (about 9 years ago)
Last Updated
2020-11-26 (about 5 years ago)

Other

Published
Title
Published
2024-10-09
Title
UserPlus <= 2.0 - Unauthenticated Privilege Escalation
Published
2026-02-18
Title
s2Member < 260215 - Unauthenticated Privilege Escalation via Account Takeover
Published
2025-01-06
Title
School Management System <= 1.0.8 - Unauthenticated Privilege Escalation
Published
2025-07-22
Title
Social Streams <= 1.2.1 - Subscriber+ Privilege Escalation
Published
2025-06-25
Title
Simple User Registration < 6.4 - Unauthenticated Privilege Escalation